Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GoRouter on Golang 1.5 will stop accepting connections when Proxy Protocol is enabled and a client connects without sending data #141

Closed
keymon opened this issue Jul 13, 2016 · 2 comments
Closed

GoRouter on Golang 1.5 will stop accepting connections when Proxy Protocol is enabled and a client connects without sending data #141

keymon opened this issue Jul 13, 2016 · 2 comments
Labels
accepted

Comments

@keymon
Copy link
Contributor

keymon commented Jul 13, 2016
edited
Loading

Note: This issue comes from this comment by @shashwathi

What

GoRouter recently added Proxy Protocol support by merging #126 . That PR uses the go-proxyproto library which is affected by this bug armon/go-proxyproto#1 when using Golang 1.5.

GoRouter uses Golang 1.5 so it is affected. When a client connects to gorouter with proxy protocol enabled but does not send any data, it will block gorouter and prevent it from accepting new connections.

Impact

  • Go router does behave normally and accept multiple connections, until the issue is triggered.
  • This issue happens only when Proxy Protocol is enabled, it does not affect the original behaviour.
  • This issue happens only if the incoming connection doesn't actually send over any data.
    • when behind a Proxy which uses Proxy Protocol, it will always send the PROXY header.
    • normal HTTP clients will always send HTTP headers.

How to reproduce

As described in this comment by @shashwathi

Steps to reproduce this issue:

  • Enable proxy protocol on gorouter
  • Use telnet to establish a long lived connection to GOROUTER_IP:PORT but not not send any data
  • You can use curl or telnet to establish another connection to GOROUTER_IP:PORT. If you are using curl you will notice your request just hangs.

When you disable proxy protocol and repeat the above steps, you will see that the gorouter accepts multiple connections on its port.

We have a failing test case on a branch in gorouter to demonstrate the same.

Root cause

The root cause is described in armon/go-proxyproto#1

Solution

Possible solutions are:

  • Use Goland 1.6, which is not affected by the bug.
  • Patch go-proxyproto to handle this situation, for example by timing out if no data is sent over. This approach has been implemented here
@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/126232931

The labels on this github issue will be updated when the story is started.

@keymon
Copy link
Contributor Author

keymon commented Jul 13, 2016
edited
Loading

We implemented the second option Patch go-proxyproto to handle this situation, for example by timing out if no data is sent over in this PR armon/go-proxyproto#4. We implemented this feature for go router in this branch

We will give some time upstream to discuss this PR, and if it is gets merged, we will update the code in GoRouter.

Otherwise, we can copy that to the gorouter codebase, as it is a fair small implementation.

Please let us know any thoughts or comments.

This was referenced Jul 13, 2016
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
accepted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@keymon @cf-gitbot